Horizon Alert
Summary of the vulnerability and why it matters
A vulnerability in Open WebUI, a self-hosted AI platform, could allow authenticated users to execute arbitrary Python code or tools within another user's session by exploiting a flaw in how it handles specific communication events. This could potentially lead to unauthorized actions within the affected user's session.
- Allows code execution by authenticated users.
- Enables unauthorized actions in another user's session.
- Confirm relevance and assess potential exposure.
Attack Path
How an attacker could exploit the issue
An attacker with authenticated access to Open WebUI could potentially gain the ability to execute arbitrary code. By learning another user's session ID, an attacker could trigger the `get_event_call` function to send `execute:python` or `execute:tool` Socket.IO events. This would allow the attacker to run code interpreter Python or tools within the context of the targeted user's session.
- Authenticated user access required.
- Triggered by sending specific Socket.IO events.
- Enables arbitrary code execution.
Live Threat
Current exploitation, exposure, and threat context
An authenticated user could potentially execute arbitrary code and access sensitive information within another user's session on the Open WebUI platform. This may occur when an attacker, after discovering another user's session ID, leverages a weakness in the event delivery mechanism to run code interpreter Python or tools within that compromised session.
- User session data and system access.
- Unrestricted code execution via socket events.
- Unauthorized access and potential data compromise.
Operational Fix
Recommended remediation, mitigation, and detection steps
The Open WebUI platform, used for self-hosted AI, requires attention from teams managing application infrastructure and security. The immediate first step is to identify all instances of Open WebUI, determine their exposure and criticality, and locate the responsible system owner for remediation planning.
- Identify affected systems and owners.
- Verify reachability and business criticality.
- Plan remediation based on risk.